CAS-001 Question #454: Real Exam Question with Answer & Explanation
The correct answer is D: Place the remote desktop server(s) on a screened subnet, and implement two-factor.
Question
Options
- A. Deploy a remote desktop server on your internal LAN, and require an Active Directory integrated
- B. Change remote desktop to a non-standard port, and implement password complexity for the
- C. Distribute new IPSec VPN client software to applicable parties. Virtualize remote desktop services
- D. Place the remote desktop server(s) on a screened subnet, and implement two-factor
Explanation
Option D - placing RDP servers on a screened subnet (DMZ) with two-factor authentication - is the best answer because it directly satisfies both requirements: ease of use (RDP is retained as management requested) and protection from direct ingress exposure (RDP servers are isolated in a DMZ rather than on the internal LAN or directly internet-facing). A screened subnet acts as a buffer zone so internal Windows systems are never directly reachable from the internet. Two-factor authentication mitigates credential-based attacks.

Option A puts RDP on the internal LAN, directly exposing internal systems. Option B (non-standard port + password complexity) relies on security through obscurity and weak controls - port scanning easily finds non-standard RDP ports. Option C introduces an IPSec VPN and virtualizes RDP, which changes the architecture significantly and adds complexity; although it is a reasonable security approach, it does not directly address the screened subnet requirement stated.